IT disaster recovery, cloud computing and information security news

‘Rudimentary attacks’ pose greatest risk to midsized organizations

Rudimentary attacks, such as intrusion attempts, information gathering, and policy violations, pose the greatest risk to midsized organizations, according to a recent cyber threat report by eSentire, Inc.

Produced by eSentire’s Threat Intelligence team, the ‘2016 Midmarket Threat Summary Report’ provides an overview of the cyber threats investigated by the eSentire Security Operations Center (SOC) in 2016.

The report addresses three key areas: threat types, threat volume, and attack types. The analytical assessment includes visual data analysis, written analytical evaluations, practical recommendations, and key analytical assumptions, providing threat perspective for business leaders in small and midsize enterprises, and actionable takeaways to help leaders strategically reduce the risk of cyber attacks.

Key findings from the report include:

March to April and September to October were the most intense periods of threat events throughout the year, with March being the most active month, and June to July being the least active.

The most often observed threat categories were intrusion attempts, information gathering, and policy violations, representing 63 percent of all observed attacks.

The top attack methods in the intrusion attempts category involve exploiting a Shellshock vulnerability (CVE-2014-6271), representing approximately 60 percent of all intrusion attempts.

OpenVAS remains the most prominent tool used for information gathering purposes, with 62 percent of all events attributed to this category. Attacks against the Secure Shell (SSH) protocol remain the second highest threat in this category, with 21 percent of all events attributed to attempts to guess or brute force passwords.

Key takeaways:

Rudimentary attacks pose the greatest risk – cybercriminals are moving away from sophisticated malicious code attacks, with the majority of attackers preferring inexpensive and automated methods of intrusion, exploiting ‘low hanging fruit’ (representing almost 30 percent of all observed events). This trend is expected to continue so long as these techniques are successful.

Every organization is a target – with easier access than ever before to simple and automated tools, cybercriminals can quickly and easily stage attacks against every business. Attacks, such as ransomware, can reap financial gains without the painstaking effort required to identify and extract high value information from an organization’s network.

Detecting and disrupting the common methods and tools used will make attacks less effective, directly impacting cybercriminal rationale when choosing attack targets. This includes steps to minimize the attack surface and tailoring of security controls.

Organizations can use seasonal threat trends to align security efforts to their advantage. For example, security awareness training is most effective when applied between December and March, ahead of the busiest time for threat activity, which is March to April.
